Apple will update OS X and iOS to close a security hole in secure HTTP communications. Google has already supplied a patch to its Android partners.
A new SSL vulnerability was discovered yesterday that allows man-in-the-middle attacks on traffic between Android, iOS and OS X devices and secure HTTP sites, including banks and credit card companies. The FREAK attack (FREAK stands for Factoring attack on RSA-EXPORT Keys) is critical because it is a cheap and rather fast hack. Ars Technica reports that an attack costs $100 per site and takes 7 hours to perform.
Apple and Google reacted reasonably quickly and, according to Reuters, announced fixes for FREAK. Google spokeswoman Liz Markman said that the company has already developed a patch and provided it to its partners. Google does not, however, control when its partners release the patch to their customers.
Apple spokesman Ryan James said that the software update to fix FREAK will be released for iOS and OS X next week.
A research team from organizations that include INRIA Paris-Rocquencourt and Microsoft has published FREAK and several other SSL-related vulnerabilities, disclosed on Tuesday. The vulnerability is described in CVE-2015-0204.
Fixing FREAK also requires website owners to patch their Secure Sockets Layer implementation. Of 14 million sites scanned, more than 36% are vulnerable. Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk of having HTTPS connections hacked.
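A server-side check for the condition described above, as an added example that is not from the article or the researchers: it takes the cipher suites a scanner saw each host accept and reports the hosts that accepted an RSA export suite. The host names and the `<host> <suite>` scan format are constructed for illustration.

```python
import re

# IANA-style names, e.g. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA; "kx" is the key exchange.
IANA_EXPORT = re.compile(r"^(?:TLS|SSL)_(?P<kx>[A-Za-z0-9_]+?)_EXPORT(?:1024)?_WITH_")
# OpenSSL-style names, e.g. EXP-RC4-MD5 (RSA key exchange is implied when
# no other key exchange prefix follows "EXP-").
OPENSSL_EXPORT = re.compile(r"^EXP(?:1024)?-(?P<rest>.+)$")
OPENSSL_NON_RSA_KX = ("EDH-", "DHE-", "ADH-", "DH-", "KRB5-")

def classify(suite):
    """Return 'rsa_export', 'other_export' or 'not_export' for a suite name."""
    name = suite.strip()
    m = IANA_EXPORT.match(name)
    if m:
        return "rsa_export" if m.group("kx") == "RSA" else "other_export"
    m = OPENSSL_EXPORT.match(name)
    if m:
        non_rsa = m.group("rest").startswith(OPENSSL_NON_RSA_KX)
        return "other_export" if non_rsa else "rsa_export"
    return "not_export"

def freak_exposed(scan_lines):
    """Map each host to the sorted RSA export suites it accepted."""
    exposed = {}
    for line in scan_lines:
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        host, suite = line.split(None, 1)
        if classify(suite) == "rsa_export":
            exposed.setdefault(host, set()).add(suite.strip())
    return {host: sorted(suites) for host, suites in exposed.items()}

# Constructed sample scan output: "<host> <accepted cipher suite>"
SAMPLE_SCAN = """\
shop.example.test TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
shop.example.test TLS_RSA_WITH_AES_128_CBC_SHA
mail.example.test EXP-EDH-RSA-DES-CBC-SHA   # export-grade, but not RSA key exchange
mail.example.test ECDHE-RSA-AES128-GCM-SHA256
old.example.test EXP-RC4-MD5
old.example.test EXP1024-DES-CBC-SHA
""".splitlines()

if __name__ == "__main__":
    for host, suites in freak_exposed(SAMPLE_SCAN).items():
        print(f"{host}: disable {', '.join(suites)}")
```

Export suites with a non-RSA key exchange are reported separately by `classify` because they are weak but are not the RSA-EXPORT case FREAK is named for.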
To find out more, visit the Freak Attack site. The site lists websites that are still vulnerable and unsafe to use. As of March 3, 9pm EST, the list of insecure sites includes AmericanExpress.com, jcrew.com, bloomberg.com and kohls.com.